sslsd-logo

SSL Partner Center: Error – The Certificate Signing Request field allows a maximum of 4000 characters.

In the SSL Partner Center client may get the following Warning message:

The Certificate Signing Request field allows a maximum of 4000 characters. You have
exceeded the limit.

Causes:
This warning message is caused by the following reasons.

  • When generating the CSR on a Windows IIS or Exchange system using the Renew.. feature that IIS and Exchange provides causes a glitch  and creates an abnormally long and corrupted CSR that exceeds 4000 characters.
  • The CSR itself was generated with many SAN. This will cause the CSR to be abnormally long reaching the character limit.

Resolutions:
Resolution will vary depending on its cause.

  • If the CSR was created using the Renew.. feature on a Windows IIS or Exchange system the client must generate a brand new CSR instead of using the renewal feature that Windows provides. New CSR generation instructions can be found here.
  • Do not enter SANs in the CSR. Instead generate a new CSR with no SANs and manually enter the requested SANs when enrolling for the SSL certificate within the portal.
    • Another option is to shorten the amount of SANs on the CSR.
    • Typically the CSR field will accept a CSR with 25 SAN’s on a 2048 bit keypair.  Manually enter the rest within the enrollment portal if more SANs are desired for this one SSL certificate order.

 

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »